3.2. Secure Design Methodology

Writing secure applications takes a very scrutinizing and
pessimistic outlook on life. Applications should be run with
the principle of “least privilege” so that no
process is ever running with more than the bare minimum access
that it needs to accomplish its function. Previously tested
code should be reused whenever possible to avoid common
mistakes that others may have already fixed.

One of the pitfalls of the UNIX® environment is how easy it
is to make assumptions about the sanity of the environment.
Applications should never trust user input (in all its forms),
system resources, inter-process communication, or the timing of
events. UNIX® processes do not execute synchronously, so logical
operations are rarely atomic: a check made at one instant says
nothing about the state of the system an instant later.